AI Act vs GDPR: Automated Decision-Making Obligations Compared

AZOP (Croatia) - Decision 25-07-2022 (HR) — gdprhub
AZOP (Croatia) - Decision 25-07-2022 Authority: AZOP Country: HR Case Number: Decision 25-07-2022 Date: 2022-07-25 Type: Other Outcome: Fine: 120,000 EUR === Facts === The case concerned criminal proceedings before the Municipal Misdemeanor Court i

Garante per la protezione dei dati personali (Italy) - 10074601 (IT) — gdprhub
Garante per la protezione dei dati personali (Italy) - 10074601 Authority: Garante per la protezione dei dati personali Country: IT Case Number: 10074601 Date: Unknown Type: Investigation Outcome: Violation Found Fine: 5,000,000 EUR Parties: Foodinho

IMY: Vägledning om AI och dataskydd (SE) — imy
IMY: Vägledning om AI och dataskydd IMY: Vägledning om AI och dataskydd Kategori: AI och dataskydd Type: Vägledning Källa: https://www.imy.se/verksamhet/ai/ IMY's guidance on AI and data protection in Sweden. Key points: (1) AI systems that process p

DSB (Austria) - D124.2695/24 2025-0.328.963 (AT) — gdprhub
DSB (Austria) - D124.2695/24 2025-0.328.963 Authority: DSB Country: AT Case Number: D124.2695/24 2025-0.328.963 Date: 2025-10-14 Type: Complaint Outcome: Upheld Parties: CRIF GDPR Articles: Article 12 GDPR, Article 15(1)(c) GDPR, Article 15(1)(g) GD

Garante per la protezione dei dati personali (Italy) - 10230412 (IT) — gdprhub
Garante per la protezione dei dati personali (Italy) - 10230412 Authority: Garante per la protezione dei dati personali Country: IT Case Number: 10230412 Date: 2026-03-12 Type: Complaint Outcome: Upheld Parties: Intesa Sanpaolo S.p.A. GDPR Articles:

EUR-Lex: 32016R0951 (2016-06-15) (EU) — eurlex
EUR-Lex: 32016R0951 (2016-06-15) CELEX: 32016R0951 Date: 2016-06-15 Family: GDPR family L_2016159EN.01000601.xml 16.6.2016 EN Official Journal of the European Union L 159/6 COMMISSION IMPLEMENTING REGULATION (EU) 2016/951 of 15 June 2016 approving t

ETid-1890: Credit agency — GERMANY (DE) — cms_enforcement
ETid-1890: Credit agency — GERMANY GDPR Enforcement Action: ETid-1890 Authority: Data Protection Authority of Berlin Country: GERMANY (DE) Date: 2022 Controller/Processor: Credit agency Sector: Finance, Insurance and Consulting GDPR Articles Violated

ETid-1856: Deutsche Kreditbank — GERMANY (€300,000) (DE) — cms_enforcement
ETid-1856: Deutsche Kreditbank — GERMANY (€300,000) GDPR Enforcement Action: ETid-1856 Authority: Data Protection Authority of Berlin Country: GERMANY (DE) Date: 2023-05-31 Fine: €300,000 Controller/Processor: Deutsche Kreditbank Sector: Finance, Ins

ETid-2641: UNIÓN DE CRÉDITO PARA LA FINANCIACIÓN MOBILIARIA E INMOBILIARIA EFC — SPAIN (€120,000) (ES) — cms_enforcement
ETid-2641: UNIÓN DE CRÉDITO PARA LA FINANCIACIÓN MOBILIARIA E INMOBILIARIA EFC — SPAIN (€120,000) GDPR Enforcement Action: ETid-2641 Authority: Spanish Data Protection Authority (aepd) Country: SPAIN (ES) Date: 2025-05-09 Fine: €120,000 Controller/Pr

ETid-239: Bank (name not available at the moment) — CROATIA (HR) — cms_enforcement
ETid-239: Bank (name not available at the moment) — CROATIA GDPR Enforcement Action: ETid-239 Authority: Croatian Data Protection Authority (azop) Country: CROATIA (HR) Date: 2020-03-13 Controller/Processor: Bank (name not available at the moment) Se

LfD (Lower Saxony) - Fine EUR 900,000 against bank (DE) — gdprhub
LfD (Lower Saxony) - Fine EUR 900,000 against bank Authority: LfD Country: DE Case Number: None Date: 2022-06-28 Type: Investigation Outcome: Violation Found GDPR Articles: Article 6(1)(a) GDPR, Article 6(1)(f) GDPR === Facts === A commercial bank (

UODO (Poland) - DKN.5112.14.2022 (PL) — gdprhub
UODO (Poland) - DKN.5112.14.2022 Authority: UODO Country: PL Case Number: DKN.5112.14.2022 Date: Unknown Type: Investigation Outcome: Violation Found Fine: 576,220 EUR GDPR Articles: Article 30(1) GDPR, Article 35(1) GDPR, Article 35(7) GDPR, Article